When to manage Microservices as a Mesh or as APIs

Transcript

1. July, 2020 When to manage Microservices as a Mesh or

   as APIs Mark Cheshire Director, Product Management 1

2. North-South model for traditional API Management Gateway API API Client

   • APIs as a digital access point for your business • Security, developer onboarding and analytics • “North-South” service architecture pattern • Requires traditional API management capabilities • APIs As A Product API Gateway 2

3. Managing APIs for External Clients API Products and backends Example

   3 https://www.company.com Affiliate Website Mobile Partner Widget Internet Shipping Web plan Mobile plan Widget Customers Finance Tracking Logistics $ API Consumers API Products API Backends http://api.widget.local https://database.api/custrs https://finance.dept wss://tracking/api/v1 https://gds.log/api https://widget.company.com https://shipping.company.com Enterprise Boundary

4. East-West model for Microservice Mesh • APIs as an interaction

   pattern between microservices • Separation of control plane and data plane • Scaling management to 1000s of APIs • Distributed tracing, mutual TLS, whitelist/blacklist • “East-West” service architecture pattern • Service Mesh Microservices API API API API API API 4

5. When to use API Management and when to use Service

   Mesh Management? Microservice Microservice MS 1 MS 2 MS n Microservices group A Microservice MS 1 MS 2 MS n Microservices group B API Product Enterprise boundary External facing APIs Internal facing Microservice API Consumers

6. North-South Management East-West Management API Management for external traffic, Service

   Mesh Management for internal traffic Microservice Microservice MS 1 MS 2 MS n Microservices group A Microservice MS 1 MS 2 MS n Microservices group B API Product Enterprise boundary External facing APIs Internal facing Microservice API Consumers

7. North-South Management East-West Management API Management for external traffic, Service

   Mesh Management for internal traffic Microservice Microservice MS 1 MS 2 MS n Microservices group A Microservice MS 1 MS 2 MS n Microservices group B API Product Enterprise boundary External facing APIs Internal facing Microservice API Consumers

8. Not so easy! 8

9. Manage interfaces at Domain Boundaries just like at the Enterprise

   Boundary Enterprise boundary Inter Domain APIs Intra Domain Microservice Domain Boundary

10. What distinguishes Inter- and Intra-Domain traffic? 10 Hierarchical producer/consumer Network

    graph of connected services • Usually 1:N • Differentiate roles for consumer groups • AuthN + AuthZ • Formalized “contracts” • Guided discovery with developer portal and docs • Usually 1:1 • Consumers are part of the same team • AuthN • Implicit “contracts” • Internal documentation within code

11. Service Mesh AND API Management 11 Manage the relationship between

    APIs/Services and their consumers API Management Deliver advanced traffic control, security, resilience and observability for cloud-native apps Service Mesh

12. Red Hat Integration across App Architecture 12 ISTIO SERVICE MESH

    OPENSHIFT Config Monitoring Infra Security Release Management Load Balancing Deployment Resiliency Service Discovery Resource Management Elasticity Logs Resilience Observability Traffic Control Security "TRADITIONAL" ARCHITECTURE MICROSERVICE ARCHITECTURE 3SCALE API MANAGEMENT Monetization Developer Portal Analytics Authorization Authentication

13. Serving different stakeholders ISTIO SERVICE MESH OPENSHIFT "TRADITIONAL" ARCHITECTURE MICROSERVICE

    ARCHITECTURE 3SCALE API MANAGEMENT Service/API Owner App Developer Infrastructure Owner App Developer DevOps

14. 14 Integrated Use Case

15. API implementation Multiple new microservices Leverage existing services, some with

    performance limits that need protecting Allow (managed) access for External and Internal application developers via a defined API that is independent of the implementation behind it Do not allow direct access to backing services, that is an implementation detail to be controlled by development and ops teams We are aware there will be more moving parts, so we need visibility into what’s happening Product API Details Service Ratings Service Reviews Service Product Service 15

16. API management and Service Mesh Integration Envoy checks with Mixer,

    based on traffic rules. Mixer (via the adapter) checks with API Management to authorize API requests, and report usage. Only check with API Management when needed Service A Envoy Service B Envoy Policy and Telemetry Checks Istio Control Plane API Management Adapter

17. A new “Service Mesh” option can be selected in Admin

    Portal when configuring an API 17 API management and Service Mesh Integration

18. Ratings Service Reviews Service Details Service Product Service Product API

    Service Mesh Istio Ingress Istio Control Plane API Management Adapter API Consumers Admin Portal Developer Portal API Manager API Provider API Request Developer Apps 18 API management and Service Mesh Integration

19. 19 Rollout Flexibility

20. Two Rollout Scenarios 20 1. API Mgmt: Starting point 2.

    Add Service Mesh 3. Enable 3scale Istio adapter 4. Activate 3scale auth for desired nodes 5. Deactivate auth through 3scale APIcast gateways 6. Result: ◦ Minimal effort to add Service Mesh ◦ Prior investment in access control continues without change ◦ No duplication in traffic control gateways 1. Service Mesh: Starting point 2. Enable 3scale Istio adapter 3. Activate 3scale auth for desired nodes 4. Configure API Management policies for access control 5. Result: ◦ Minimal effort to add API Management ◦ No duplication in traffic control gateways Don’t boil the ocean, phase your deployment for successful Microservices projects

21. 21 Takeaway

22. Service Mesh AND API Management 22 Manage the relationship between

    APIs/Services and their consumers API Management Deliver advanced traffic control, security, resilience and observability for cloud-native apps Service Mesh

23. linkedin.com/company/red-hat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHat Red Hat is the world’s leading

    provider of enterprise open source software solutions. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. Thank you 23